In association with heise online

22 August 2006, 17:37

The service company SPI Dynamics has described a means of carrying out a JavaScript port scan from a web browser. If an attacker were to place such a script on their website, they would be able to scout out the user's network, even if it is protected behind a firewall. In combination with cross site scripting vulnerabilities this could become a security risk. SPI Dynamics outlines in their document how the attack works and links to an example script, which will locate all the web servers on the user's intranet and determine the type of server.

Print Version | Permalink:
  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit